IN THE CLAIMS
Please amend claims 1, 3-4, 13, and 15-16 as follows: 

1. (Currently Amended) A public key authorization infrastructure comprising: 
a client program accessible by a user; 

an application program; 

a certificate authority issuing a long-term public key identity certificate (long-term 
certificate) that binds a public key of the user to long-term identification information related
to the user; 

a directory for storing short-term authorization information related to the user; and 
a credentials server for issuing a short-term public key credential certificate (short-term
certificate) to the client, the short-term certificate binds the public key of the user to the
long-term identification information related to the user from the long-term certificate and to
the short-term authorization information related to the user from the directory, wherein the
short-term certificate includes meta-data related to the short-term certificate and at least one
of an expiration date and an expiration time and is never subject to revocation prior to the
expiration date/time, wherein the client program presents the short-term certificate to the
application program for authorization and demonstrates that the user has knowledge of a 
private key corresponding to the public key in the short-term certificate. 

2. (Cancelled) 

3. (Currently Amended) The public key authorization infrastructure of claim 1 wherein 
a validity period from when the credentials server issues the short-term certificate to the at 
least one of expiration date and expiration time is sufficiently short such that the short-term
certificate does not need to be subject to revocation.

4. (Currently Amended) The public key authorization infrastructure of claim 1 further 
comprising: 

a certificate revocation list (CRL), wherein the at least one of expiration date and
expiration time of the short-term certificate is no later than a date/time at which a
CRL is next scheduled to be updated.

5. (Cancelled) 

6. (Original) The public key authorization infrastructure of claim 1 wherein the
short-term certificate is a non-structured short-term certificate.

7. (Previously Presented) The public key authorization infrastructure of claim 1 further 

comprising: 

a second application program; and 

wherein the short-term certificate is a structured short-term certificate including: 
a first folder corresponding to the first named application program and 

containing long-term information and short-term information as required by the first

named application program; 

a second folder corresponding to the second application program and 

containing long-term information and short-term information as required by the 

second application; and 

wherein the first folder is open and the second folder is closed when the client 
presents the short-term certificate to the first named application program for 
authorization, wherein closing the second folder makes its contents not readable by 
the first named application program. 

8. (Original) The public key authorization infrastructure of claim 1 wherein the
short-term certificate is an X.509v3 certificate.

9. (Original) The public key authorization infrastructure of claim 7 wherein the first 
folder and the second folder are implemented as extension fields of an X.509v3 certificate. 

10. (Original) The public key authorization infrastructure of claim 1 wherein the 
directory further stores the issued long-term certificate. 

11. (Original) The public key authorization infrastructure of claim 1 wherein the private
key is stored in a smartcard accessible by the client program. 

12. (Original) The public key authorization infrastructure of claim 1 wherein the private 
key is stored in a secure software wallet accessible by the client program. 

13. (Currently Amended) A method of authorizing a user, the method comprising the 
steps of: 

issuing a long-term public key identity certificate (long-term certificate) that binds a 
public key of the user to long-term identification information related to the user, 

storing short-term authorization information related to the user; 

issuing a short-term public key credential certificate (short-term certificate) that binds 
the public key of the user to the long-term identification information related to the user 
contained in the long-term certificate and to the short-term authorization information related 
to the user wherein the short-term certificate includes meta-data related to the short-term
certificate and at least one of an expiration date and an expiration time and is never
subject to revocation prior to the expiration date/time; and

presenting the short-term certificate on behalf of the user to an application program 
for authorization and demonstrating that the user has knowledge of a private key 
corresponding to the public key in the short-term certificate. 

14. (Cancelled) 

15. (Currently Amended) The method of claim 13 wherein a validity period from when 

the short-term certificate is issued to the at least one of expiration date and expiration time is
sufficiently short such that the short-term certificate does not need to be subject to revocation. 

16. (Currently Amended) The method of claim 13 further comprising the step of: 
maintaining a certificate revocation list (CRL), wherein the at least one of expiration 

date and expiration time of the short-term certificate is no later than a time at which
the CRL is next scheduled to be updated.

17. (Cancelled)

18. (Original) The method of claim 13 wherein the short-term certificate is a
non-structured short-term certificate.

19. (Previously Presented) The method of claim 13 wherein the short-term certificate is 
a structured short-term certificate including a first folder corresponding to the first named 
application program and containing long-term information and short-term information as 
required by the first named application program, and including a second folder corresponding 
to a second application program and containing long-term information and short-term 
information as required by the second application, wherein the method further comprises: 

closing the second folder and leaving the first folder open prior to the 
presenting step if the presenting step presents the short-term certificate to the first
named application program for authorization, wherein closing the second folder
makes its contents not readable by the first named application program.

20. (Original) The method of claim 13 wherein the short-term certificate is an X.509v3 
certificate. 

21. (Original) The method of claim 19 wherein the first folder and the second folder are
implemented as extension fields of an X.509v3 certificate. 

22. (Original) The method of claim 13 wherein the method further comprises the step of: 
storing the issued long-term certificate in a directory. 

23. (Original) The method of claim 13 further comprising the step of: 
storing the private key in a smartcard. 

24. (Original) The method of claim 13 further comprising the step of: 

storing the private key in a secure software wallet.